Added AWS credentials via Github OIDC

Author: nithyathokala

.github/workflows/healthcheck-app-existingVpc-Ubuntu-Thurs.yml

@@ -6,6 +6,9 @@ on:
  workflow_dispatch:
  schedule:
     - cron: '0 15 * * 4'
+permissions:
+  id-token: write
+  contents: read
 jobs:
   build:
     runs-on: ubuntu-latest
@@ -16,6 +19,12 @@ jobs:
       uses: actions/setup-python@v4
       with:
         python-version: '3.13'
+    - name: Configure AWS credentials via OIDC
+      uses: aws-actions/configure-aws-credentials@v4
+      with:
+        role-to-assume: ${{ secrets.oidc_role_arn }}
+        aws-region: us-east-1
+        role-duration-seconds: 7200
     - name: Install dependencies
       run: |
         python -m pip install --upgrade pip
@@ -31,7 +40,4 @@ jobs:
     - name: MATLAB Web App Server Reference Architecture Health Check Test Ubuntu Existing VPC Ubuntu us-east-1 region
       run: |
         cd healthcheck
-        export AWS_ACCESS_KEY_ID=${{ secrets.aws_access_key_id }}
-        export AWS_SECRET_ACCESS_KEY=${{ secrets.aws_secret_access_key }}
-        export AWS_REGION="us-east-1"
-        python test_mwasrefarch_healthcheck_newvpc.py ${{ secrets.KeyPairName }} ${{ secrets.lmpassword }} ${{ secrets.ipaddress }} "us-east-1" "Ubuntu"
+        python test_mwasrefarch_healthcheck_newvpc.py ${{ secrets.OIDCKeyPairNameVirginia }} ${{ secrets.lmpassword }} ${{ secrets.ipaddress }} "us-east-1" "Ubuntu"

.github/workflows/healthcheck-app-existingVpc-Win-Tue.yml

@@ -6,6 +6,9 @@ on:
  workflow_dispatch:
  schedule:
     - cron: '0 15 * * 2'
+permissions:
+  id-token: write
+  contents: read
 jobs:
   build:
     runs-on: ubuntu-latest
@@ -16,6 +19,12 @@ jobs:
       uses: actions/setup-python@v4
       with:
         python-version: '3.13'
+    - name: Configure AWS credentials via OIDC
+      uses: aws-actions/configure-aws-credentials@v4
+      with:
+        role-to-assume: ${{ secrets.oidc_role_arn }}
+        aws-region: eu-west-1
+        role-duration-seconds: 7200
     - name: Install dependencies
       run: |
         python -m pip install --upgrade pip
@@ -31,7 +40,4 @@ jobs:
     - name: MATLAB Web App Server Reference Architecture Health Check Test Windows Existing VPC Windows eu-west-1 region
       run: |
         cd healthcheck
-        export AWS_ACCESS_KEY_ID=${{ secrets.aws_access_key_id }}
-        export AWS_SECRET_ACCESS_KEY=${{ secrets.aws_secret_access_key }}
-        export AWS_REGION="eu-west-1"
-        python test_webappserver_refarch_existingvpc.py ${{ secrets.KeyPairNameIreland }} ${{ secrets.lmpassword }} ${{ secrets.ipaddress }} "eu-west-1" "Windows"
+        python test_webappserver_refarch_existingvpc.py ${{ secrets.OIDCKeyPairNameIreland }} ${{ secrets.lmpassword }} ${{ secrets.ipaddress }} "eu-west-1" "Windows"

.github/workflows/healthcheck-app-newVpc-Ubuntu-Mon.yml

@@ -8,6 +8,9 @@ on:
  push:
  schedule:
     - cron: '0 15 * * 1'
+permissions:
+  id-token: write
+  contents: read
 jobs:
   build:
     runs-on: ubuntu-latest
@@ -18,6 +21,12 @@ jobs:
       uses: actions/setup-python@v4
       with:
         python-version: '3.13'
+    - name: Configure AWS credentials via OIDC
+      uses: aws-actions/configure-aws-credentials@v4
+      with:
+        role-to-assume: ${{ secrets.oidc_role_arn }}
+        aws-region: us-east-1
+        role-duration-seconds: 7200
     - name: Install dependencies
       run: |
         python -m pip install --upgrade pip
@@ -33,7 +42,4 @@ jobs:
     - name: MATLAB Web App Server Reference Architecture Health Check Test Ubuntu New VPC Ubuntu us-east-1 region
       run: |
         cd healthcheck
-        export AWS_ACCESS_KEY_ID=${{ secrets.aws_access_key_id }}
-        export AWS_SECRET_ACCESS_KEY=${{ secrets.aws_secret_access_key }}
-        export AWS_REGION="us-east-1"
-        python test_mwasrefarch_healthcheck_newvpc.py ${{ secrets.KeyPairName }} ${{ secrets.lmpassword }} ${{ secrets.ipaddress }} "us-east-1" "Ubuntu"
+        python test_mwasrefarch_healthcheck_newvpc.py ${{ secrets.OIDCKeyPairNameVirginia }} ${{ secrets.lmpassword }} ${{ secrets.ipaddress }} "us-east-1" "Ubuntu"

.github/workflows/healthcheck-app-newVpc-Win-Wed.yml

@@ -6,6 +6,9 @@ on:
  workflow_dispatch:
  schedule:
     - cron: '0 15 * * 3'
+permissions:
+  id-token: write
+  contents: read
 jobs:
   build:
     runs-on: ubuntu-latest
@@ -16,6 +19,12 @@ jobs:
       uses: actions/setup-python@v4
       with:
         python-version: '3.13'
+    - name: Configure AWS credentials via OIDC
+      uses: aws-actions/configure-aws-credentials@v4
+      with:
+        role-to-assume: ${{ secrets.oidc_role_arn }}
+        aws-region: ap-northeast-1
+        role-duration-seconds: 7200
     - name: Install dependencies
       run: |
         python -m pip install --upgrade pip
@@ -31,7 +40,4 @@ jobs:
     - name: MATLAB Web App Server Reference Architecture Health Check Test Windows New VPC Windows ap-northeast region
       run: |
         cd healthcheck
-        export AWS_ACCESS_KEY_ID=${{ secrets.aws_access_key_id }}
-        export AWS_SECRET_ACCESS_KEY=${{ secrets.aws_secret_access_key }}
-        export AWS_REGION="ap-northeast-1"
-        python test_mwasrefarch_healthcheck_newvpc.py ${{ secrets.KeyPairNameTokyo }} ${{ secrets.lmpassword }} ${{ secrets.ipaddress }} "ap-northeast-1" "Windows"
+        python test_mwasrefarch_healthcheck_newvpc.py ${{ secrets.OIDCKeyPairNameTokyo }} ${{ secrets.lmpassword }} ${{ secrets.ipaddress }} "ap-northeast-1" "Windows"

healthcheck/refarch_testtools/deploy.py

@@ -5,7 +5,7 @@
 from botocore.exceptions import WaiterError
 
 _logger = logging.getLogger("deploy")
-
+logging.basicConfig(level=logging.INFO)
 
 def deploy_stack(template_url, template_parameters, region, stack_base_name="refArchTest", extra_parameters={}):
     stack_name = _create_stack_name(stack_base_name)